VYPR

Movable Type Premium

by Movabletype

CVEs (3)

  • CVE-2022-45113Dec 7, 2022
    risk 0.00cvss epss 0.01

    Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack.…

  • CVE-2022-38078Aug 24, 2022
    risk 0.00cvss epss 0.02

    Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it.…

  • CVE-2020-5669Oct 26, 2021
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.